agenttesla | 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014 | Triage

Submit
Reports

Overview

overview

Static

static

1

2c9c9a90e7...14.exe

windows7-x64

2c9c9a90e7...14.exe

windows10-2004-x64

Sharing

General

Target

2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
Size

305KB
Sample

230207-bbyvpsgg52
MD5

b0a522ce1c7f4bb5460c1579cc94c8b9
SHA1

09c2be0481136b3ba1b18288e924c19811d8ba85
SHA256

2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
SHA512

4954a22d1ef374541565efc35f61e4bf01332c110a9f511c091c18602a674dcd7f10921c869596d873fd389bdcf0d0eca5bbee01f3e97f5977b5185295cf0805
SSDEEP

3072:S5UueM5x5mL905+Xx/5+L/zp9kzXR/E9bX4Dr1ZhPf/7a46ndtrQzePCi/cs:mxeMP5p+h/5+L/AXhE9LorrhHDyx

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014.exe

Resource

win7-20220812-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014.exe

Resource

win10v2004-20221111-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.mgcpakistan.com/
Port:
21
Username:
[email protected]
Password:
boygirl123456

Targets

- Target
  
  2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
- Size
  
  305KB
- MD5
  
  b0a522ce1c7f4bb5460c1579cc94c8b9
- SHA1
  
  09c2be0481136b3ba1b18288e924c19811d8ba85
- SHA256
  
  2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
- SHA512
  
  4954a22d1ef374541565efc35f61e4bf01332c110a9f511c091c18602a674dcd7f10921c869596d873fd389bdcf0d0eca5bbee01f3e97f5977b5185295cf0805
- SSDEEP
  
  3072:S5UueM5x5mL905+Xx/5+L/zp9kzXR/E9bX4Dr1ZhPf/7a46ndtrQzePCi/cs:mxeMP5p+h/5+L/AXhE9LorrhHDyx
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy